SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c

   1 /** @file
   2   This driver init default Secure Boot variables
   3
   4 Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
   5 Copyright (c) 2021, Semihalf All rights reserved.<BR>
   6 Copyright (c) 2021, Ampere Computing LLC. All rights reserved.<BR>
   7 SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10 #include <Guid/AuthenticatedVariableFormat.h>
  11 #include <Guid/ImageAuthentication.h>
  12 #include <Library/BaseLib.h>
  13 #include <Library/BaseMemoryLib.h>
  14 #include <Library/DebugLib.h>
  15 #include <Library/MemoryAllocationLib.h>
  16 #include <Library/UefiBootServicesTableLib.h>
  17 #include <Library/UefiRuntimeServicesTableLib.h>
  18 #include <UefiSecureBoot.h>
  19 #include <Library/SecureBootVariableLib.h>
  20 #include <Library/SecureBootVariableProvisionLib.h>
  21
  22 /**
  23   The entry point for SecureBootDefaultKeys driver.
  24
  25   @param[in]  ImageHandle        The image handle of the driver.
  26   @param[in]  SystemTable        The system table.
  27
  28   @retval EFI_SUCCESS            The secure default keys are initialized successfully.
  29   @retval EFI_UNSUPPORTED        One of the secure default keys already exists.
  30   @retval EFI_NOT_FOUND          One of the PK, KEK, or DB default keys is not found.
  31   @retval Others                 Fail to initialize the secure default keys.
  32
  33 **/
  34 EFI_STATUS
  35 EFIAPI
  36 SecureBootDefaultKeysEntryPoint (
  37   IN EFI_HANDLE        ImageHandle,
  38   IN EFI_SYSTEM_TABLE  *SystemTable
  39   )
  40 {
  41   EFI_STATUS  Status;
  42
  43   Status = SecureBootInitPKDefault ();
  44   if (EFI_ERROR (Status)) {
  45     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status));
  46     return Status;
  47   }
  48
  49   Status = SecureBootInitKEKDefault ();
  50   if (EFI_ERROR (Status)) {
  51     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __FUNCTION__, Status));
  52     return Status;
  53   }
  54
  55   Status = SecureBootInitDbDefault ();
  56   if (EFI_ERROR (Status)) {
  57     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __FUNCTION__, Status));
  58     return Status;
  59   }
  60
  61   Status = SecureBootInitDbtDefault ();
  62   if (Status == EFI_NOT_FOUND) {
  63     DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__));
  64   } else if (EFI_ERROR (Status)) {
  65     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbtDefault: %r\n", __FUNCTION__, Status));
  66     return Status;
  67   }
  68
  69   Status = SecureBootInitDbxDefault ();
  70   if (Status == EFI_NOT_FOUND) {
  71     DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__));
  72   } else if (EFI_ERROR (Status)) {
  73     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __FUNCTION__, Status));
  74     return Status;
  75   }
  76
  77   return EFI_SUCCESS;
  78 }